Last updated: 2026-06-11 19:16:14 +0200

unclassified (28)

??: 28
Average staleness: 402 / Average age: 564

Bug	Severity	Summary	Stale	Age
880669	??	[Tracker] Go x/text DoS via crafted Accept-Language header CVE-2022-32149 [Tracker] UAF in Expat's xmlparse.c:doContent [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] Denial of service in Go's net/http [Tracker] Denial of service in Go's crypto/ssh [Tracker] nuget credential leakage [Tracker] MySQL DoS (Oracle CPU Oct 2023) [TRACKER] unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms [TRACKER] GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] runc container breakout vulnerability [Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation	1309	1309
881405	??	[Tracker] UAF in Expat's xmlparse.c:doContent CVE-2022-40674 [Tracker] Go x/text DoS via crafted Accept-Language header [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] Denial of service in Go's net/http [Tracker] Denial of service in Go's crypto/ssh [Tracker] nuget credential leakage [Tracker] MySQL DoS (Oracle CPU Oct 2023) [TRACKER] unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms [TRACKER] GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] runc container breakout vulnerability [Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation	1304	1304
883665	??	[Tracker] Denial of service in Go's net/http CVE-2022-27664 [Tracker] Go x/text DoS via crafted Accept-Language header [Tracker] UAF in Expat's xmlparse.c:doContent [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] nuget credential leakage [Tracker] MySQL DoS (Oracle CPU Oct 2023) [TRACKER] unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms [TRACKER] GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] runc container breakout vulnerability [Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation	1290	1290
883667	??	[Tracker] Denial of service in Go's crypto/ssh CVE-2022-27191 [Tracker] Go x/text DoS via crafted Accept-Language header [Tracker] UAF in Expat's xmlparse.c:doContent [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] nuget credential leakage [Tracker] MySQL DoS (Oracle CPU Oct 2023) [TRACKER] unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms [TRACKER] GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] runc container breakout vulnerability [Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation	1290	1290
843158	??	[Tracker] dev-lang/squirrel: multiple vulnerabilities CVE-2021-41556 CVE-2022-30292	1276	1496
908819	??	[Tracker] nuget credential leakage CVE-2022-30184 [Tracker] Go x/text DoS via crafted Accept-Language header [Tracker] UAF in Expat's xmlparse.c:doContent [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] Denial of service in Go's net/http [Tracker] Denial of service in Go's crypto/ssh [Tracker] MySQL DoS (Oracle CPU Oct 2023) [TRACKER] unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms [TRACKER] GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] runc container breakout vulnerability [Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation	1088	1088
918697	??	[Tracker] MySQL DoS (Oracle CPU Oct 2023) CVE-2023-22084 [Tracker] Go x/text DoS via crafted Accept-Language header [Tracker] UAF in Expat's xmlparse.c:doContent [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] Denial of service in Go's net/http [Tracker] Denial of service in Go's crypto/ssh [Tracker] nuget credential leakage [TRACKER] unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms [TRACKER] GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] runc container breakout vulnerability [Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation	859	926
925028	??	[Tracker] runc container breakout vulnerability CVE-2024-21626 [Tracker] Go x/text DoS via crafted Accept-Language header [Tracker] UAF in Expat's xmlparse.c:doContent [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] Denial of service in Go's net/http [Tracker] Denial of service in Go's crypto/ssh [Tracker] nuget credential leakage [Tracker] MySQL DoS (Oracle CPU Oct 2023) [TRACKER] unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms [TRACKER] GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation	842	842
936384	??	[Tracker] Go containers/image library: unexpected authenticated registry accesses CVE-2024-3727	687	691
940312	??	[Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Go x/text DoS via crafted Accept-Language header [Tracker] UAF in Expat's xmlparse.c:doContent [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] Denial of service in Go's net/http [Tracker] Denial of service in Go's crypto/ssh [Tracker] nuget credential leakage [Tracker] MySQL DoS (Oracle CPU Oct 2023) [TRACKER] unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms [TRACKER] GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] runc container breakout vulnerability [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation	622	623

unknown (263)

Critical: 1 / Major: 77 / Normal: 136 / Minor: 27 / Trivial: 16 / ??: 6
Average staleness: 160 / Average age: 614

Bug	Severity	Summary	Stale	Age
969395	Critical	<x11-drivers/nvidia-drivers-{535.288.01:0/535,570.211.01:0/570,580.126.09:0/580,590.48.01:0/590}: integer overflow vulnerability CVE-2025-33219 <x11-drivers/nvidia-drivers-{535.230.02:0/535,550.144.03:0/550}, x11-drivers/nvidia-drivers:0/565: multiple vulnerabilities <x11-drivers/nvidia-drivers-{535.274.02:0/535,570.195.03:0/570,580.95.05:0/580}, x11-drivers/nvidia-drivers:0/575: multiple vulnerabilities <x11-drivers/nvidia-drivers-{535.309.01:0/535,580.159.03:0/580,595.71.05:0/595}, x11-drivers/nvidia-drivers:0/{570,590}: multiple vulnerabilities	16	134
934736	Major	<app-editors/emacs-{26.3-r19,27.2-r17,28.2-r13,29.3-r3} <app-emacs/org-mode-9.7.5: org-mode command execution vulnerability CVE-2024-39331	560	719
957155	Major	<mail-client/roundcube-1.6.11 : Post-Auth RCE via PHP Object Deserialization	92	371
908905	Major	<dev-perl/HTTP-Daemon-6.160.0: Incorrect handling of multiple Content-Length headers CVE-2022-31081	65	1086
931653	Major	<www-client/chromium-124.0.6367.201, <www-client/google-chrome-124.0.6367.201, <www-client/microsoft-edge-124.0.2478.97: Use after free in Visuals CVE-2024-4671 <www-client/chromium-128.0.6613.113, <www-client/google-chrome-128.0.6613.113, <www-client/microsoft-edge-128.0.2739.54, <www-client/opera-114.0.5282.21: Multiple vulnerabilities <www-client/chromium-130.0.6723.58, <www-client/google-chrome-130.0.6723.58, <www-client/microsoft-edge-130.0.2849.46, <www-client/opera-115.0.5322.68: multiple vulnerabilities <www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities <www-client/chromium-146.0.7680.80, <www-client/google-chrome-146.0.7680.80, <www-client/microsoft-edge-146.0.3856.62, <www-client/opera-128.0.5807.77, <www-client/vivaldi-7.8.3925.81: multiple vulnerabilities <www-client/chromium-146.0.7680.177, <www-client/google-chrome-146.0.7680.177, <www-client/microsoft-edge-146.0.3856.97, <www-client/opera-131.0.5856.0, <www-client/vivaldi-7.9.3970.47: multiple vulnerabilities	65	762
931897	Major	<www-client/chromium-124.0.6367.207, <www-client/google-chrome-124.0.6367.207, <www-client/microsoft-edge-124.0.2478.105, <www-client/opera-110.0.5130.66: Out of bounds write in V8 CVE-2024-4761 <www-client/chromium-128.0.6613.113, <www-client/google-chrome-128.0.6613.113, <www-client/microsoft-edge-128.0.2739.54, <www-client/opera-114.0.5282.21: Multiple vulnerabilities <www-client/chromium-130.0.6723.58, <www-client/google-chrome-130.0.6723.58, <www-client/microsoft-edge-130.0.2849.46, <www-client/opera-115.0.5322.68: multiple vulnerabilities <www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities <www-client/chromium-146.0.7680.80, <www-client/google-chrome-146.0.7680.80, <www-client/microsoft-edge-146.0.3856.62, <www-client/opera-128.0.5807.77, <www-client/vivaldi-7.8.3925.81: multiple vulnerabilities <www-client/chromium-146.0.7680.177, <www-client/google-chrome-146.0.7680.177, <www-client/microsoft-edge-146.0.3856.97, <www-client/opera-131.0.5856.0, <www-client/vivaldi-7.9.3970.47: multiple vulnerabilities	65	758
932394	Major	<www-client/chromium-125.0.6422.76, <www-client/google-chrome-125.0.6422.76, <www-client/microsoft-edge-125.0.2535.67, <www-client/opera-111.0.5168.25: multiple vulnerabilities CVE-2024-5157 CVE-2024-5158 CVE-2024-5159 CVE-2024-5160 <www-client/chromium-128.0.6613.113, <www-client/google-chrome-128.0.6613.113, <www-client/microsoft-edge-128.0.2739.54, <www-client/opera-114.0.5282.21: Multiple vulnerabilities <www-client/chromium-130.0.6723.58, <www-client/google-chrome-130.0.6723.58, <www-client/microsoft-edge-130.0.2849.46, <www-client/opera-115.0.5322.68: multiple vulnerabilities <www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities <www-client/chromium-146.0.7680.80, <www-client/google-chrome-146.0.7680.80, <www-client/microsoft-edge-146.0.3856.62, <www-client/opera-128.0.5807.77, <www-client/vivaldi-7.8.3925.81: multiple vulnerabilities <www-client/chromium-146.0.7680.177, <www-client/google-chrome-146.0.7680.177, <www-client/microsoft-edge-146.0.3856.97, <www-client/opera-131.0.5856.0, <www-client/vivaldi-7.9.3970.47: multiple vulnerabilities	65	750
932675	Major	<www-client/-chromium-125.0.6422.112, <www-client/google-chrome-125.0.6422.112, <www-client/microsoft-edge-125.0.2535.67, <www-client/opera-111.0.5168.25: Type Confusion in V8 CVE-2024-5274	65	747
934192	Major	<www-client/chromium-126.0.6478.57 <www-client/google-chrome-126.0.6478.55 <www-client/microsoft-edge-126.0.2592.56, <www-client/opera-112.0.5197.25: multiple vulnerabilities CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834 CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839 CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844 CVE-2024-5845 CVE-2024-5846 CVE-2024-5847 <www-client/chromium-128.0.6613.113, <www-client/google-chrome-128.0.6613.113, <www-client/microsoft-edge-128.0.2739.54, <www-client/opera-114.0.5282.21: Multiple vulnerabilities <www-client/chromium-130.0.6723.58, <www-client/google-chrome-130.0.6723.58, <www-client/microsoft-edge-130.0.2849.46, <www-client/opera-115.0.5322.68: multiple vulnerabilities <www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities <www-client/chromium-146.0.7680.80, <www-client/google-chrome-146.0.7680.80, <www-client/microsoft-edge-146.0.3856.62, <www-client/opera-128.0.5807.77, <www-client/vivaldi-7.8.3925.81: multiple vulnerabilities <www-client/chromium-146.0.7680.177, <www-client/google-chrome-146.0.7680.177, <www-client/microsoft-edge-146.0.3856.97, <www-client/opera-131.0.5856.0, <www-client/vivaldi-7.9.3970.47: multiple vulnerabilities	65	728
934536	Major	<www-client/chromium-126.0.6478.114, <www-client/google-chrome-126.0.6478.114, <www-client/microsoft-edge-126.0.2592.68, <www-client/opera-112.0.5197.25: multiple vulnerabilities CVE-2024-6100 CVE-2024-6101 CVE-2024-6102 CVE-2024-6103 <www-client/chromium-128.0.6613.113, <www-client/google-chrome-128.0.6613.113, <www-client/microsoft-edge-128.0.2739.54, <www-client/opera-114.0.5282.21: Multiple vulnerabilities <www-client/chromium-130.0.6723.58, <www-client/google-chrome-130.0.6723.58, <www-client/microsoft-edge-130.0.2849.46, <www-client/opera-115.0.5322.68: multiple vulnerabilities <www-client/chromium-130.0.6723.116, <www-client/google-chrome-130.0.6723.116, <www-client/microsoft-edge-130.0.2849.80, <www-client/opera-115.0.5322.77: Multiple vulnerabilities <www-client/chromium-146.0.7680.80, <www-client/google-chrome-146.0.7680.80, <www-client/microsoft-edge-146.0.3856.62, <www-client/opera-128.0.5807.77, <www-client/vivaldi-7.8.3925.81: multiple vulnerabilities <www-client/chromium-146.0.7680.177, <www-client/google-chrome-146.0.7680.177, <www-client/microsoft-edge-146.0.3856.97, <www-client/opera-131.0.5856.0, <www-client/vivaldi-7.9.3970.47: multiple vulnerabilities	65	722

tracker (29)

Normal: 1 / ??: 28
Average staleness: 452 / Average age: 987

Bug	Severity	Summary	Stale	Age
915553	Normal	[Tracker] HTTP/2 Rapid Reset vulnerability CVE-2023-44487 Tracked bugs: 7 open / 14 total	300	975
824306	??	[Tracker] Vulnerability in gstreamer (CVE-2021-3522) CVE-2021-3522 Tracked bugs: 1 open / 2 total	1666	1666
807352	??	[Tracker] NO STARTTLS collection of vulnerabilities Tracked bugs: 2 open / 18 total	1386	1766
643228	??	[TRACKER] kernel: Meltdown and Spectre - A flaw in modern processors (CVE-2017-{5715,5753,5754}) Tracked bugs: 1 open / 7 total	830	3081
643342	??	[TRACKER] hw: cpu: speculative execution branch target injection (CVE-2017-5715) CVE-2017-5715 Tracked bugs: 1 open / 11 total	830	3080
920280	??	[Tracker] Terrapin Vulnerability CVE-2023-48795 Tracked bugs: 4 open / 10 total	782	906
932373	??	[Tracker] Mozilla Foundation Security Advisory for May 14/15th, 2024 CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777 MSFA2024-21 MSFA2024-22 MSFA2024-23 Tracked bugs: 263 open / 10000 total	751	751
942468	??	[Tracker] Mozilla Foundation Security Advisory for October 29, 2024 CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 CVE-2024-10468 MFSA2024-55 MFSA2024-56 MFSA2024-57 MFSA2024-58 MFSA2024-59 Tracked bugs: 1 open / 3 total	590	590
942555	??	[TRACKER] Vulnerable containers/storage library leads to symlink traversal that can result in denial of service via OOM CVE-2024-9676 Tracked bugs: 4 open / 4 total	589	589
945049	??	[Tracker] Mozilla Foundation Security Advisory for November 26, 2024 CVE-2024-11692 CVE-2024-11694 CVE-2024-11695 CVE-2024-11696 CVE-2024-11697 CVE-2024-11699 CVE-2024-11700 CVE-2024-11701 CVE-2024-11704 CVE-2024-11705 CVE-2024-11706 CVE-2024-11708 MFSA2024-63 MFSA2024-64 MFSA2024-65 MFSA2024-67 MFSA2024-68 Tracked bugs: 1 open / 3 total	562	562

upstream (105)

Major: 10 / Normal: 23 / Minor: 49 / Trivial: 17 / ??: 6
Average staleness: 947 / Average age: 1503

Bug	Severity	Summary	Stale	Age
626822	Major	media-libs/libmad: Dos (memory corruption) via crafted MP3 files CVE-2017-11552	1869	3236
907924	Major	dev-python/reportlab: remote code execution CVE-2023-33733	1101	1101
866386	Major	app-arch/unzip: null pointer dereference CVE-2021-4217	977	1387
901393	Major	app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection CVE-2023-28339	520	1184
970044	Major	<www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS CVE-2026-2441 <www-client/chromium-145.0.7632.67, <www-client/google-chrome-145.0.7632.67, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.73: multiple vulnerabilities <www-client/chromium-145.0.7632.109, <www-client/google-chrome-145.0.7632.109, <www-client/microsoft-edge-145.0.3800.70, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.73: multiple vulnerabilities <www-client/chromium-145.0.7632.116, <www-client/google-chrome-145.0.7632.116, <www-client/microsoft-edge-145.0.3800.82, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.74: multiple vulnerabilities <www-client/chromium-145.0.7632.159, <www-client/google-chrome-145.0.7632.159, <www-client/microsoft-edge-145.0.3800.97, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.76: multiple vulnerabilities	90	118
970045	Major	<www-client/chromium-145.0.7632.67, <www-client/google-chrome-145.0.7632.67, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.73: multiple vulnerabilities CVE-2026-2313 CVE-2026-2314 CVE-2026-2315 CVE-2026-2316 CVE-2026-2317 CVE-2026-2318 CVE-2026-2319 CVE-2026-2320 CVE-2026-2321 CVE-2026-2322 CVE-2026-2323 <www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS	68	118
970311	Major	<www-client/chromium-145.0.7632.109, <www-client/google-chrome-145.0.7632.109, <www-client/microsoft-edge-145.0.3800.70, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.73: multiple vulnerabilities CVE-2026-2648 CVE-2026-2649 CVE-2026-2650 <www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS	68	112
970511	Major	<www-client/chromium-145.0.7632.116, <www-client/google-chrome-145.0.7632.116, <www-client/microsoft-edge-145.0.3800.82, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.74: multiple vulnerabilities CVE-2026-3061 CVE-2026-3062 CVE-2026-3063 <www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS	68	108
970908	Major	<www-client/chromium-145.0.7632.159, <www-client/google-chrome-145.0.7632.159, <www-client/microsoft-edge-145.0.3800.97, <www-client/opera-130.0.5846.0, <www-client/vivaldi-7.8.3925.76: multiple vulnerabilities CVE-2026-3536 CVE-2026-3537 CVE-2026-3538 CVE-2026-3539 CVE-2026-3540 CVE-2026-3541 CVE-2026-3542 CVE-2026-3543 CVE-2026-3544 CVE-2026-3545 <www-client/chromium-145.0.7632.75, <www-client/google-chrome-145.0.7632.75, <www-client/microsoft-edge-145.0.3800.58, <www-client/opera-127.0.5778.64, <www-client/vivaldi-7.8.3925.73: Use after free in CSS	68	99
972553	Major	app-arch/tar: multiple vulnerabilities CVE-2026-5704	33	61

upstreamebuild (38)

Major: 1 / Normal: 10 / Minor: 14 / Trivial: 8 / ??: 5
Average staleness: 477 / Average age: 1175

Bug	Severity	Summary	Stale	Age
918621	Major	media-libs/freeimage: multiple vulnerabilities CVE-2020-21426 CVE-2020-21427 CVE-2020-21428 CVE-2020-22524 CVE-2020-24292 CVE-2020-24293 CVE-2020-24294 CVE-2020-24295 CVE-2021-40262 CVE-2021-40263 CVE-2021-40264 CVE-2021-40265 CVE-2021-40266	26	928
798480	Normal	app-text/djvu: multiple vulnerabilities (CVE-2021-{3500,32490,32491,32492,32493}) CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVE-2021-3500	1623	1812
759544	Normal	www-misc/awstats: Arbitrary code execution (CVE-2020-35176) CVE-2020-35176	1395	2007
821346	Normal	dev-db/redis: integer overflow via bundled hiredis	1328	1682
836920	Normal	sys-apps/busybox: multiple vulnerabilities CVE-2022-28391 CVE-2022-30065	1035	1527
793953	Normal	net-dns/avahi: multiple DoS vulnerabilities CVE-2021-3468 CVE-2021-3502 CVE-2021-36217 CVE-2023-1981 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473	949	1835
897952	Normal	app-text/htmltidy: arbitrary code execution CVE-2021-33391	713	1201
838382	Normal	media-sound/sox: multiple vulnerabilities CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 CVE-2023-26590 CVE-2023-32627 CVE-2023-34318 CVE-2023-34432	120	1518
971093	Normal	sys-libs/glibc: nscd client crash on x86_64 under high nscd load CVE-2026-3904 GLIBC-SA-2026-0004	92	92
954007	Normal	net-libs/libsoup: multiple vulnerabilities CVE-2025-32049 CVE-2025-32050 CVE-2025-32051 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906 CVE-2025-32908 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 CVE-2025-32914	27	419

ebuild (89)

Critical: 2 / Major: 6 / Normal: 30 / Minor: 31 / Trivial: 10 / ??: 10
Average staleness: 306 / Average age: 613

Bug	Severity	Summary	Stale	Age
918679	Critical	dev-libs/stb: multiple vulnerabilities CVE-2023-43281 CVE-2023-43898 CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-45676 CVE-2023-45677 CVE-2023-45678 CVE-2023-45679 CVE-2023-45680 CVE-2023-45681 CVE-2023-45682	795	926
937483	Critical	net-wireless/wpa_supplicant: possible privilege escalation CVE-2024-5290	411	673
942684	Major	sys-cluster/slurm: Incorrect Authorization CVE-2024-48936	445	587
953891	Major	www-client/firefox{-bin,}: multiple vulnerabilities CVE-2025-3608	38	422
953892	Major	mail-client/thunderbird{-bin,}: multiple vulnerabilities CVE-2025-2830 CVE-2025-3523 mail-client/thunderbird{,-bin}: (MFSA-2026-50, May 19, 2026)	38	422
940315	Major	net-print/cups-filters: Insufficient input validation CVE-2024-47177 GHSA-rj88-6mr5-rcw8	26	623
976061	Major	dev-lang/perl: heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds	16	16
976730	Major	dev-libs/libinput: Privilege escalation	7	7
802513	Normal	net-analyzer/fail2ban: code exection via malicious whois responses (CVE-2021-32749) CVE-2021-32749	1401	1791
821220	Normal	<sys-devel/gcc-12.1.0: Unicode "bidirectional override" (CVE-2021-42574)	1397	1683

stable? (43)

Major: 4 / Normal: 6 / Minor: 23 / Trivial: 6 / ??: 4
Average staleness: 21 / Average age: 39

Bug	Severity	Summary	Stale	Age
973393	Major	<net-misc/inetutils-2.8: Multiple vulnerabilities CVE-2026-28372 CVE-2026-32746	26	42
971935	Major	<sys-apps/util-linux-2.41.4: Multiple vulnerabilities CVE-2026-27456	23	70
965825	Major	<app-containers/containerd-{2.0.7,2.1.5}: multiple vulnerabilities CVE-2024-25621 CVE-2025-64329 GHSA-m6hq-p25p-ffr2 GHSA-pwhc-rpq9-4c8w	19	215
975999	Major	<net-print/hplip-3.26.4: Multiple vulnerabilities disclosed CVE-2026-8631 CVE-2026-8632	17	17
973318	Normal	<sys-apps/sed-4.10: TOCTOU with -i --follow-symlinks CVE-2026-5958	38	44
974284	Normal	<media-libs/gst-plugins-bad-1.26.11: multiple vulnerabilities GStreamer-SA-2026-0013 GStreamer-SA-2026-0015 GStreamer-SA-2026-0017	34	36
974286	Normal	<media-libs/gst-plugins-good-1.26.11: multiple vulnerabilities CVE-2026-5056 GStreamer-SA-2026-0016 GStreamer-SA-2026-0018 GStreamer-SA-2026-0020 GStreamer-SA-2026-0021 GStreamer-SA-2026-0022 ZDI-CAN-29392	34	36
974699	Normal	<net-print/cups-pdf-3.0.3: Privilege escalation	31	31
975091	Normal	<gnome-extra/yelp-49.1: vulnerable to opening malicious help files	27	27
972904	Minor	<app-shells/dash-0.5.13.3: Denial of service CVE-2026-31323	53	53

stable (37)

Major: 4 / Normal: 10 / Minor: 22 / Trivial: 1
Average staleness: 24 / Average age: 161

Bug	Severity	Summary	Stale	Age
966445	Major	<net-libs/webkit-gtk-2.50.4: multiple vulnerabilities CVE-2025-43392 CVE-2025-43425 CVE-2025-43427 CVE-2025-43429 CVE-2025-43430 CVE-2025-43431 CVE-2025-43432 CVE-2025-43434 CVE-2025-43440	20	199
975682	Major	<dev-db/redis-{8.2.6,8.4.3,8.6.3}: multiple vulnerabilities CVE-2026-23479 CVE-2026-23631 CVE-2026-25243 CVE-2026-25588 CVE-2026-25589 <dev-db/redis-8.2.3:0/8.2: Bug in XACKDEL may lead to stack overflow and potential RCE <dev-db/redis-{8.2.5,8.4.2,8.6.1}: possible data read manipulation by injecting \r\n sequences into a Redis error reply	20	21
975844	Major	<www-servers/nginx-{1.30.2,1.31.1}: RCE if using nested groups in rewrite CVE-2026-9256	15	20
972528	Normal	<dev-lang/go-{1.25.9, 1.26.2}: Multiple vulnerabilities CVE-2026-27140 CVE-2026-27143 CVE-2026-27144 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282 CVE-2026-32283 CVE-2026-32288 CVE-2026-32289 CVE-2026-33810 <dev-lang/go-1.25.8: multiple vulnerabilities	59	61
973266	Normal	<app-misc/localsearch-3.10.2-r1: january 2026 vulnerabilities in MP3 Extracter CVE-2026-1764 CVE-2026-1765 CVE-2026-1766 CVE-2026-1767	43	46
974797	Normal	<net-mail/dovecot-2.4.4: Multiple vulnerabilities CVE-2026-27851 CVE-2026-33603 CVE-2026-40016 CVE-2026-40020 CVE-2026-42006 <net-mail/dovecot-2.4.3: Multiple vulnerabilities	29	30
967859	Normal	<dev-lang/php-{8.2.30,8.3.29,8.4.16,8.5.1}: multiple vulnerabilities CVE-2025-14177 CVE-2025-14178 CVE-2025-14180	28	171
965476	Normal	<dev-db/redis-8.2.3:0/8.2: Bug in XACKDEL may lead to stack overflow and potential RCE CVE-2025-62507 <dev-db/redis-{8.2.5,8.4.2,8.6.1}: possible data read manipulation by injecting \r\n sequences into a Redis error reply <dev-db/redis-{8.2.6,8.4.3,8.6.3}: multiple vulnerabilities	24	221
965041	Normal	<net-dns/bind-{9.18.42,9.20.16}: multiple vulnerabilities CVE-2025-40778 CVE-2025-40780 CVE-2025-8677 <net-dns/bind-{9.18.39, 9.20.21}: Malformed BRID/HHIT records can cause named to terminate unexpectedly <net-dns/bind-{9.18.47, 9.20.21}: multiple vulnerabilities <net-dns/bind-{9.18.49,9.20.23}: multiple vulnerabilities	20	231
972527	Normal	<sys-libs/musl-1.2.6-r1: Multiple vulnerabilities CVE-2026-40200 CVE-2026-6042	20	61

cleanup (111)

Critical: 2 / Major: 19 / Normal: 26 / Minor: 50 / Trivial: 10 / ??: 4
Average staleness: 98 / Average age: 336

Bug	Severity	Summary	Stale	Age
953023	Critical	<dev-lang/spidermonkey-128.9.0: multiple vulnerabilities <dev-lang/spidermonkey-128.4.0: multiple vulnerabilities <dev-lang/spidermonkey-128.5.0: multiple vulnerabilities <dev-lang/spidermonkey-128.6.0: multiple vulnerabilities <dev-lang/spidermonkey-128.8.0: multiple vulnerabilities <dev-lang/spidermonkey-128.13.0: multiple vulnerabilities	265	436
942471	Major	<dev-lang/spidermonkey-128.4.0: multiple vulnerabilities <dev-lang/spidermonkey-128.5.0: multiple vulnerabilities <dev-lang/spidermonkey-128.6.0: multiple vulnerabilities <dev-lang/spidermonkey-128.8.0: multiple vulnerabilities <dev-lang/spidermonkey-128.9.0: multiple vulnerabilities <dev-lang/spidermonkey-128.13.0: multiple vulnerabilities	393	590
950112	Major	<media-libs/openh264-2.6.0: Decoding functions heap overflow CVE-2025-27091 GHSA-m99q-5j7x-7m9x	270	474
951155	Major	<www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities CVE-2025-1920 CVE-2025-2135 CVE-2025-2136 CVE-2025-2137 <www-client/chromium-139.0.7258.127, <www-client/google-chrome-139.0.7258.127, <www-client/microsoft-edge-139.0.3405.102, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: multiple vulnerabilities <www-client/chromium-139.0.7258.138, <www-client/google-chrome-139.0.7258.138, <www-client/microsoft-edge-138.0.3351.144, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: Out of bounds write in V8 <www-client/chromium-139.0.7258.154, <www-client/google-chrome-139.0.7258.154, <www-client/microsoft-edge-139.0.3405.125, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: use after free in ANGLE <www-client/chromium-140.0.7339.185, <www-client/google-chrome-140.0.7339.185, <www-client/microsoft-edge-140.0.3485.81, <www-client/opera-122.0.5643.51, <www-client/vivaldi-7.6.3797.52: multiple vulnerabilities <www-client/chromium-141.0.7390.54, <www-client/google-chrome-141.0.7390.54, <www-client/microsoft-edge-141.0.3537.57, <www-client/opera-125.0.5729.12, <www-client/vivaldi-7.7.3851.52: multiple vulnerabilities <www-client/chromium-141.0.7390.107, <www-client/google-chrome-141.0.7390.107, <www-client/microsoft-edge-141.0.3537.85, <www-client/opera-125.0.5729.12, <www-client/vivaldi-7.7.3851.52: Use after free in Safe Browsing <www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API <www-client/chromium-147.0.7727.15, <www-client/google-chrome-146.0.7680.153, <www-client/microsoft-edge-146.0.3856.72, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities <www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities	264	457
961477	Major	<www-client/chromium-139.0.7258.127, <www-client/google-chrome-139.0.7258.127, <www-client/microsoft-edge-139.0.3405.102, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: multiple vulnerabilities CVE-2025-8879 CVE-2025-8880 CVE-2025-8881 CVE-2025-8882 CVE-2025-8901 <www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities <www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API <www-client/chromium-147.0.7727.15, <www-client/google-chrome-146.0.7680.153, <www-client/microsoft-edge-146.0.3856.72, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities <www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities	97	301
961834	Major	<www-client/chromium-139.0.7258.138, <www-client/google-chrome-139.0.7258.138, <www-client/microsoft-edge-138.0.3351.144, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: Out of bounds write in V8 CVE-2025-9132 <www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities <www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API <www-client/chromium-147.0.7727.15, <www-client/google-chrome-146.0.7680.153, <www-client/microsoft-edge-146.0.3856.72, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities <www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities	97	294
962051	Major	<www-client/chromium-139.0.7258.154, <www-client/google-chrome-139.0.7258.154, <www-client/microsoft-edge-139.0.3405.125, <www-client/opera-123.0.5666.0, <www-client/vivaldi-7.6.3797.52: use after free in ANGLE CVE-2025-9478 <www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities <www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API <www-client/chromium-147.0.7727.15, <www-client/google-chrome-146.0.7680.153, <www-client/microsoft-edge-146.0.3856.72, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities <www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities	97	287
963024	Major	<www-client/chromium-140.0.7339.185, <www-client/google-chrome-140.0.7339.185, <www-client/microsoft-edge-140.0.3485.81, <www-client/opera-122.0.5643.51, <www-client/vivaldi-7.6.3797.52: multiple vulnerabilities CVE-2025-10500 CVE-2025-10501 CVE-2025-10502 CVE-2025-10585 <www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities <www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API <www-client/chromium-147.0.7727.15, <www-client/google-chrome-146.0.7680.153, <www-client/microsoft-edge-146.0.3856.72, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities <www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities	97	266
963638	Major	<www-client/chromium-141.0.7390.54, <www-client/google-chrome-141.0.7390.54, <www-client/microsoft-edge-141.0.3537.57, <www-client/opera-125.0.5729.12, <www-client/vivaldi-7.7.3851.52: multiple vulnerabilities CVE-2025-11205 CVE-2025-11206 CVE-2025-11207 CVE-2025-11208 CVE-2025-11209 CVE-2025-11210 CVE-2025-11211 CVE-2025-11212 CVE-2025-11213 CVE-2025-11215 CVE-2025-11216 CVE-2025-11219 <www-client/chromium-134.0.6998.88, <www-client/google-chrome-134.0.6998.88, <www-client/microsoft-edge-134.0.3124.62, <www-client/opera-119.0.5497.12: Multiple vulnerabilities <www-client/chromium-144.0.7559.109, <www-client/google-chrome-144.0.7559.109, <www-client/microsoft-edge-144.0.3719.104, <www-client/opera-128.0.5807.25, <www-client/vivaldi-7.8.3925.56: Inappropriate implementation in Background Fetch API <www-client/chromium-147.0.7727.15, <www-client/google-chrome-146.0.7680.153, <www-client/microsoft-edge-146.0.3856.72, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities <www-client/chromium-147.0.7727.55, <www-client/google-chrome-147.0.7727.55, <www-client/microsoft-edge-147.0.3912.60, <www-client/opera-131.0.5877.0, www-client/vivaldi: multiple vulnerabilities	97	253
963959	Major	<www-client/microsoft-edge-141.0.3537.71, <www-client/chromium-141.0.7390.76, <www-client/opera-125.0.5729.12, <www-client/google-chrome-141.0.7390.76, <www-client/vivaldi-7.7.3851.52: multiple vulnerabilities CVE-2025-11458 CVE-2025-11460	97	246

glsa? (639)

Normal: 22 / Minor: 610 / Trivial: 3 / ??: 4
Average staleness: 511 / Average age: 899

Bug	Severity	Summary	Stale	Age
971843	Normal	<app-arch/xz-utils-5.8.3: Multiple vulnerabilities CVE-2026-34743	37	72
959851	Normal	<dev-qt/qtbase-6.9.1-r2: denial of service issue in QColorTransferGenericFunction (CVE-2025-5992) CVE-2025-5992	36	335
969626	Normal	<www-servers/nginx-{1.28.2,1.29.5}: MITM data injection in certain scenarios when using upstream TLS proxying CVE-2026-1642 <www-servers/nginx-1.26.3: SNI allowed to reuse SSL sessions in a different virtual server <www-servers/nginx-1.28.1: Processing of a specially crafted login/password in ngx_mail_smtp_module might cause worker process memory disclosure <www-servers/nginx-{1.28.3,1.29.7}: multiple vulnerabilities <www-servers/nginx-1.30.1: multiple vulnerabilities 969626, 949354, 967910, 971553, 974894	36	127
963099	Normal	mail-client/thunderbird: <143.0 & <140.3.0 September 2025 vulnerabilities <mail-client/thunderbird-{bin,}-{140.9.0,149.0}: multiple vulnerabilities 963099, 971589	34	265
966156	Normal	mail-client/thunderbird: <145.0 & <140.5.0 November 2025 vulnerabilities <mail-client/thunderbird-{bin,}-{140.9.0,149.0}: multiple vulnerabilities 966156, 971589	34	207
967325	Normal	www-client/firefox: <146.0 & <140.6.0 December 2025 vulnerabilities	34	182
967364	Normal	mail-client/thunderbird: <146.0 & <140.6.0 December 2025 vulnerabilities <mail-client/thunderbird-{bin,}-{140.9.0,149.0}: multiple vulnerabilities 967364, 971589	34	181
970421	Normal	<net-misc/yt-dlp-2026.02.21: arbitrary command injection with the --netrc-cmd option CVE-2026-26331	34	109
970560	Normal	www-client/firefox: <148.0 & <140.8.0 February 2026 vulnerabilities	34	106
970561	Normal	mail-client/thunderbird: <148.0 & <140.8.0 February 2026 vulnerabilities <mail-client/thunderbird-{bin,}-{140.9.0,149.0}: multiple vulnerabilities 970561, 971589	34	106

glsa (2)

Normal: 1 / Minor: 1
Average staleness: 35 / Average age: 89

Bug	Severity	Summary	Status	Stale	Age
970886	Normal	<media-libs/freetype-2.14.2: Multiple vulnerabilities CVE-2026-23865 <media-libs/freetype-2.14.3: Multiple vulnerabilities		34	99
971490	Minor	<media-libs/freetype-2.14.3: Multiple vulnerabilities <media-libs/freetype-2.14.2: Multiple vulnerabilities		37	80

Bug

Severity

Summary

Status

Stale

Age

970886

Normal

<media-libs/freetype-2.14.2: Multiple vulnerabilities

CVE-2026-23865

<media-libs/freetype-2.14.3: Multiple vulnerabilities

971490